Facepalm: While cyber-criminals are quick at exploiting dangerous security flaws, Microsoft is often very slow with its patching work. Third-party services like 0patch can now provide an alternative way to secure Windows workstations, especially those with outdated versions of Windows.
Researchers at 0patch discovered a new zero-day vulnerability in Microsoft's NTLM technology, a security flaw that could easily compromise user credentials. The bug affects all Windows Server and Workstation versions from Windows 7 and Server 2008 R2 to the latest, fully updated Windows 11 24H2 and Server 2022. Microsoft has yet to provide an official fix for the issue.
Update (Dec 11): This week Microsoft addressed 71 security flaws in December's Patch Tuesday update, including one that is already being actively exploited. As far as we can tell, however, none of these 71 fixes resolves the zero-day vulnerability in Microsoft's NTLM technology that 0patch addressed.
This is the final Patch Tuesday update of 2024, and it resolves vulnerabilities in several Microsoft applications and services. Of the 71 issues, 16 are categorized as "critical," with most of the rest being deemed "high risk." One particular Windows vulnerability is already being targeted in real-world attacks, making it urgent to apply the update.
Over the course of 2024, Microsoft fixed a total of 1,020 security vulnerabilities, making it the second-highest year for security issues, behind only 2020, which saw 1,250 vulnerabilities.
The vulnerability allows attackers to steal NTLM credentials by inducing a user to view a specially crafted file in Windows Explorer. The researchers explained that a vulnerable system can be compromised simply by opening a shared folder or a USB drive, or by viewing a malicious file previously downloaded through a web browser.
The New Technology LAN Manager (NTLM) is an ancient and very insecure suite of protocols employed by Windows systems to provide user authentication and confidentiality. Researchers warn that NTLM passwords are weak, as they can be easily brute-forced with modern hardware that excels at number-crunching tasks.
The analysts reported the newly discovered issue to Microsoft as usual, but they also released a "micropatch" for the company's customers to quickly and transparently fix the hole. Patches issued by 0patch are microscopic binary modifications of processes running in memory, so they don't require a process or OS restart.
The micropatch for the NTLM zero-day flaw will remain free until Microsoft provides an official fix. This is the third zero-day vulnerability 0patch has recently found and reported to Microsoft, and Redmond has ignored them all. There are also three other previously disclosed NTLM-related flaws that Microsoft has not fixed, for which 0patch currently offers free micropatches.
The company said that 40 percent of its users are presently using 0patch to protect their systems against flaws in the "won't fix" category, while other users are installing these micropatches on their legacy Windows systems and Office releases. 0patch still offers security support for Windows 7 and will provide five extra years of security patches for Windows 10 after October 2025.